Published October 11, 2022
Updated October 11, 2022

| Vulnerability ID | related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | affected versions | affected projects | fix link | reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-1001 | CVE-2022-42488 | Startup subsystem missed permission validation in param service. | Local attackers can install a malicious application on the device to elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. | 8.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | startup_init_lite | 3.1.x 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1002 | CVE-2022-42464 | Kernel memory pool override in /dev/mmz_userdev device driver | If the processes with system UID run on the device, local attackers would be able to mmap memory pools used by the kernel and override them, which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. | 6.7 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | device_board_hisilicon device_hisilicon_hi3516dv300 | 3.0.x 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1003 | CVE-2022-41686 | Out-of-bound memory read and write in /dev/mmz_userdev device driver. | If the processes with system user UID run on the device, local attackers would be able to write out-of-bound memory, which could lead to unspecified memory corruption. | 5.1 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | device_board_hisilicon device_hisilicon_hispark_taurus | 3.1.x 3.0.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1004 | CVE-2022-42463 | Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. | Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. | 8.3 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | communication_dsoftbus | 3.1.x | Reported by OpenHarmony Team |

| CVE | severity | affected OpenHarmony versions | fix link |
|---|---|---|---|
| CVE-2022-27405 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS | 3.1.x 3.0.x 1.1.x |
| CVE-2022-2959 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-2991 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-2938 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-2586 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-2588 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-2585 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-2503 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-20369 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-20368 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-2639 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-36123 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-36946 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-36879 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-2327 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-21505 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2021-33655 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2021-33656 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-2861 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2860 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2613 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2612 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2610 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2607 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2606 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2624 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2623 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2620 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2619 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2617 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2616 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2615 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-2614 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-35737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x 3.0.x |
| CVE-2022-2415 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-1919 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-35252 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS | 3.1.x 3.0.x 1.1.x |
| CVE-2022-3028 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-2977 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-2964 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-39188 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-3078 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-2905 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-39842 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2022-3061 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |
| CVE-2021-29921 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-0391 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2021-3737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2021-4189 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2021-3733 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2021-28861 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x |
| CVE-2022-40307 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x 3.0.x |